Have a Laugh
Reputation: 307
Possible RFI detected
I'm currently cleaning up my code with PHPCS Security Audit, for the file I'm currently working on PHPCS outputs the following errors:
10 | ERROR | No file extension has been found in a include/require function. This implies that some PHP code is not scanned by PHPCS.
10 | WARNING | Possible RFI detected with __DIR__ on require_once
10 | WARNING | Possible RFI detected with inc on require_once
I've spent the last few hours on Google and the PHP manual trying to figure this out without any solution, if anyone could help me I'd much appreciate it, thank you.
Code:
<?php
define('tpl', 'template');
define('inc', 'include');
require_once(__DIR__ . '/' . inc . '/' . 'template.php');
$tpl = new Template\template(__DIR__ . '/' . tpl . '/' . 'html.tpl');
Upvotes: 0
Views: 672
Answers (1)
Rotimi
Reputation: 4825
RFI stands for remote file inclusion.
This attack occurs when the path to a file or parts of the path is obtained via a URL or any means that can be manipulated by the user.
From your code, I don't see any possible means to inject malicious files.
Upvotes: 2
Related Questions
- php warning fclose() expects parameter 1 to be resource boolean given
- defuse php - Your system does not have a secure random number generator
- Should I be worried about this Error Log?
- security filter in php for rfi
- Very strange error code
- mb_eregi error - need advice on how to solve
- PHP fmod problem
- PHP site with NET ValidateRequest errors
- PHP, PCI compliance problem: How to?
- PHP, RFI, and keeping things secure